astro-framework

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's documentation and required workflow show fetching and loading external data (e.g., SKILL.md "Data Fetching" with fetch('https://api.example.com/data'), references/collections.md "Custom/Remote Loaders" using fetch("https://api.example.com/countries"), and references/components.md frontmatter examples that await fetch()), which clearly ingests open third‑party content into the runtime and can influence rendering/behavior, exposing the agent to untrusted user-controlled content that could carry indirect prompt instructions.